Germany and Facebook Say: No more crypto for you

grarpamp grarpamp at gmail.com
Sun Jun 2 14:03:02 PDT 2019


https://www.forbes.com/sites/kalevleetaru/2019/05/28/facebook-is-already-working-towards-germanys-end-to-end-encryption-backdoor-vision/
https://thenextweb.com/world/2019/05/29/a-german-minister-wants-access-to-your-encrypted-whatsapp-and-telegram-messages/
https://carnegieendowment.org/2019/05/30/encryption-debate-in-germany-pub-79215
https://www.wired.co.uk/article/wired-awake-290519
https://www.schneier.com/blog/archives/2019/05/germany_talking.html


Facebook previewed all of the necessary infrastructure to make
Germany's vision a reality and even alluded to the very issue of how
Facebook's own business needs present it with the need to be able to
covertly access content directly from users' devices that have been
protected through end-to-end encryption...

While it was little noticed at the time, Facebook's presentation on
its work towards moving AI-powered content moderation from its data
centers directly onto users' phones presents a perfect blueprint for
Seehofer's vision. Touting the importance of edge content moderation,
Facebook specifically cited the need to be able to scan the
unencrypted contents of users' messages in an end-to-end encrypted
environment to prevent them from being able to share content that
deviated from Facebook's acceptable speech guidelines. This would
actually allow a government like Germany to proactively prevent
unauthorized speech before it is ever uttered, by using court orders
to force Facebook to expand its censorship list for German users of
its platform.

Even more worryingly, Facebook's presentation alluded to the company's
need to covertly harvest unencrypted illicit messages from users'
devices without their knowledge and before the content has been
encrypted or after it has been decrypted, using the client application
itself to access the encrypted-in-transit content. While it stopped
short of saying it was actively building such a backdoor, the company
noted that when edge content moderation flagged a post in an
end-to-end encrypted conversation as a violation, the company needed
to be able to access the unencrypted contents to further train its
algorithms, which would likely require transmitting an unencrypted
copy from the user's device directly to Facebook without their
approval.

Could this be the solution Germany has been searching for?
The article warns that by "sparking the idea of being able to silently
harvest those decrypted conversations on the client side, Facebook is
inadvertently telegraphing to anti-encryption governments that there
are ways to bypass encryption while also bypassing the encryption
debate."


More information about the cypherpunks mailing list